SUSE-SU-2022:0225-1: moderate: Security update for SUSE Manager Server 4.1
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jan 28 17:22:03 UTC 2022
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0225-1
Rating: moderate
References: #1173103 #1173143 #1184617 #1187708 #1188505
#1188900 #1190114 #1190446 #1191192 #1191222
#1191285 #1191313 #1191340 #1191377 #1191412
#1191442 #1191656 #1191702 #1191899 #1192487
#1192514 #1192736 #1193008 #1193585 #1193612
#1193694 #1193832 #1194990
Cross-References: CVE-2020-25638
CVSS scores:
CVE-2020-25638 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-25638 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves one vulnerability and has 27 fixes is
now available.
Description:
This update fixes the following issues:
hibernate5:
- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)
mgr-libmod:
- Version 4.1.10-1
* require python macros for building
mgr-osad:
- Version 4.1.6-1
* require python macros for building
prometheus-formula:
- Version 0.3.5
* Add support for new Uyuni SD in Prometheus >= 2.31
py27-compat-salt:
- Fix `tmpfiles.d` configuration for salt to not use legacy paths
(bsc#1173103)
- Remove wrong `_parse_cpe_name` from grains.core
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Added Python2 build possibility for RHEL8
- Do not consider skipped targets as failed for ansible.playbooks state
(bsc#1190446)
- Fix traceback.*_exc() calls
- Fix the regression of docker_container state module (bsc#1191285)
spacecmd:
- Version 4.1.16-1
* require python macros for building
spacewalk-admin:
- Version 4.1.11-1
* add service to update configfile and introduce a backup scc user
spacewalk-backend:
- Version 4.1.30-1
* Add headers to update proxy auth token in listChannels (bsc#1193585)
* require python macros for building
* Fix the IS_SUSE variable in spacewalk-debug
* exchange zypp-plugin dependency to use the python3 version
(bsc#1192514)
* Minor spec update.
* Added RHN config parameter httpd_config_dir.
spacewalk-certs-tools:
- Version 4.1.20-1
* Make bootstrap script to use bash when called with a different
interpreter (bsc#1191656)
spacewalk-client-tools:
- Version 4.1.11-1
* require python macros for building
spacewalk-java:
- Version 4.1.43-1
* Fix stack overflow when building a CLM project from modular sources
(bsc#1194990)
* Avoid using RPM tags when filtering modular packages in CLM
(bsc#1192487)
* fix XML syntax in cobbler snippets (bsc#1193694)
* Fix stripping module metadata when cloning channels in CLM
(bsc#1193008)
* Fix system information forwarding to SCC (bsc#1188900)
* forward registration data to SUSE Customer Center
* Run Prometheus JMX exporter as Java agent (bsc#1184617)
* Fix calling wrong XMLRPC bootstrap method (bsc#1192736)
* Fix package update action with shared channels (bsc#1191313)
* fix issue with empty action chains getting deleted too early
(bsc#1191377)
* switch to best repo auth item for contentsources (bsc#1191442)
* Set product name and version in the User-Agent header when connecting
to SCC
* update last boot time of SSH Minions after bootstrapping (bsc#1191899)
* Mark SSH minion actions when they're picked up (bsc#1188505)
* Add compressed flag to image pillars when kiwi image is compressed
(bsc#1191702)
* mgr-sync refresh logs when a vendor channel is expired and shows how
to remove it (bsc#1191222)
- Readable error when "mgr-sync add channel" is called with a non-existing
label (bsc#1173143)
spacewalk-reports:
- Version 4.1.5-1
* Fixes query for system-history report to prevent more than one row
returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)
spacewalk-setup:
- Version 4.1.10-1
* Increase "max_event_size" value for the Salt master (bsc#1191340)
* Leave Cobbler bootloader directory at the default (bsc#1187708)
* Don't delete cobbler.conf contents.
* Fixed FileNotFoundError on cobbler setup.
* cobbler20-setup was removed
* spacewalk-setup-cobbler was reimplemented in Python
* Config files for Cobbler don't get edited in place anymore, thus the
original
ones are saved with a ".backup" suffix
spacewalk-utils:
- Version 4.1.19-1
* require python macros for building
spacewalk-web:
- Version 4.1.31-1
* Update Web UI version to 4.1.13
suseRegisterInfo:
- Version 4.1.4-1
* require python macros for building
susemanager:
- Version 4.1.32-1
* add additional default config values for forwarding registrations to
SCC
susemanager-doc-indexes:
- In the Troubleshooting section of the Client Configuration Guide, SUSE
Linux Enterprise Server 11 clients also require previous SSL versions
installed on the server
susemanager-docs_en:
- In the Troubleshooting section of the Client Configuration Guide, SUSE
Linux Enterprise Server 11 clients also require previous SSL versions
installed on the server
susemanager-schema:
- Version 4.1.24-1
* Fix rhnChannelNewestPackageView in case there are duplicates
(bsc#1193612)
* DB schema to support forwarding data to SCC
susemanager-sls:
- Version 4.1.32-1
* Run Prometheus JMX exporter as Java agent (bsc#1184617)
* Fix problem installing/removing packages using action chains in
transactional systems
* Don't create skeleton /srv/salt/top.sls
* Add missing compressed_hash value from Kiwi inspect (bsc#1191702)
uyuni-common-libs:
- Version 4.1.10-1
* Read modularity data from DISTTAG tag as fallback (bsc#1192487)
* require python macros for building
How to apply this update:
1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk
service: `spacewalk-service stop` 3. Apply the patch using either zypper
patch or YaST Online Update. 4. Start the Spacewalk service:
`spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-225=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
python3-uyuni-common-libs-4.1.10-3.15.1
susemanager-4.1.32-3.42.2
susemanager-tools-4.1.32-3.42.2
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
hibernate5-5.3.7-3.6.1
mgr-libmod-4.1.10-3.25.2
mgr-osa-dispatcher-4.1.6-2.12.2
prometheus-formula-0.3.5-3.15.1
py27-compat-salt-3000.3-6.18.1
python3-mgr-osa-common-4.1.6-2.12.2
python3-mgr-osa-dispatcher-4.1.6-2.12.2
python3-spacewalk-certs-tools-4.1.20-3.25.2
python3-spacewalk-client-tools-4.1.11-4.18.2
python3-suseRegisterInfo-4.1.4-4.6.2
spacecmd-4.1.16-4.33.2
spacewalk-admin-4.1.11-3.18.2
spacewalk-backend-4.1.30-4.47.2
spacewalk-backend-app-4.1.30-4.47.2
spacewalk-backend-applet-4.1.30-4.47.2
spacewalk-backend-config-files-4.1.30-4.47.2
spacewalk-backend-config-files-common-4.1.30-4.47.2
spacewalk-backend-config-files-tool-4.1.30-4.47.2
spacewalk-backend-iss-4.1.30-4.47.2
spacewalk-backend-iss-export-4.1.30-4.47.2
spacewalk-backend-package-push-server-4.1.30-4.47.2
spacewalk-backend-server-4.1.30-4.47.2
spacewalk-backend-sql-4.1.30-4.47.2
spacewalk-backend-sql-postgresql-4.1.30-4.47.2
spacewalk-backend-tools-4.1.30-4.47.2
spacewalk-backend-xml-export-libs-4.1.30-4.47.2
spacewalk-backend-xmlrpc-4.1.30-4.47.2
spacewalk-base-4.1.31-3.39.1
spacewalk-base-minimal-4.1.31-3.39.1
spacewalk-base-minimal-config-4.1.31-3.39.1
spacewalk-certs-tools-4.1.20-3.25.2
spacewalk-client-tools-4.1.11-4.18.2
spacewalk-html-4.1.31-3.39.1
spacewalk-java-4.1.43-3.63.1
spacewalk-java-config-4.1.43-3.63.1
spacewalk-java-lib-4.1.43-3.63.1
spacewalk-java-postgresql-4.1.43-3.63.1
spacewalk-reports-4.1.5-3.9.1
spacewalk-setup-4.1.10-3.15.2
spacewalk-taskomatic-4.1.43-3.63.1
spacewalk-utils-4.1.19-3.27.2
spacewalk-utils-extras-4.1.19-3.27.2
suseRegisterInfo-4.1.4-4.6.2
susemanager-doc-indexes-4.1-11.49.2
susemanager-docs_en-4.1-11.49.1
susemanager-docs_en-pdf-4.1-11.49.1
susemanager-schema-4.1.24-3.39.2
susemanager-sls-4.1.32-3.54.1
susemanager-web-libs-4.1.31-3.39.1
uyuni-config-modules-4.1.32-3.54.1
References:
https://www.suse.com/security/cve/CVE-2020-25638.html
https://bugzilla.suse.com/1173103
https://bugzilla.suse.com/1173143
https://bugzilla.suse.com/1184617
https://bugzilla.suse.com/1187708
https://bugzilla.suse.com/1188505
https://bugzilla.suse.com/1188900
https://bugzilla.suse.com/1190114
https://bugzilla.suse.com/1190446
https://bugzilla.suse.com/1191192
https://bugzilla.suse.com/1191222
https://bugzilla.suse.com/1191285
https://bugzilla.suse.com/1191313
https://bugzilla.suse.com/1191340
https://bugzilla.suse.com/1191377
https://bugzilla.suse.com/1191412
https://bugzilla.suse.com/1191442
https://bugzilla.suse.com/1191656
https://bugzilla.suse.com/1191702
https://bugzilla.suse.com/1191899
https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1192514
https://bugzilla.suse.com/1192736
https://bugzilla.suse.com/1193008
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1193612
https://bugzilla.suse.com/1193694
https://bugzilla.suse.com/1193832
https://bugzilla.suse.com/1194990
More information about the sle-security-updates
mailing list